Red_Hat_Certificate_System-8.1-Release_Notes-en-US.pdf

(261 KB) Pobierz

Red Hat Certificate System 8.1 Red Hat Certificate System 8.1

Red Hat Certificate System

8.1

Release Notes

updated for Errata RHSA-2012:1103

Ella Deon Lackey

Legal Notice

T he text of and illustrations in this document are licensed by Red Hat under a Creative Commons

Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at

http://creativecommons.org/licenses/by-sa/3.0/.

In accordance with CC-BY-SA, if you distribute this

document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section

4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo,

and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus T orvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States

and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other

countries.

All other trademarks are the property of their respective owners.

1801 Varsity Drive

Raleigh, NC 27606-2072 USA

Phone: +1 919 754 3700

Phone: 888 733 4281

Fax: +1 919 754 3701

January 31, 2012; updated July 17, 2012

Red Hat Certificate System 8.1 Red Hat Certificate System 8.1

Abstract

T hese release notes contain the most accurate information on new features, known issues, and fixed

bugs for Red Hat Certificate System 8.1.

Table of Contents

1. New Features for Red Hat Certificate System 8.1

1.1. Certified Common Criteria Environment

1.2. T PS Subsystem Enhancements

1.3. Asynchronous Key Recovery

1.4. UI for Setting the Number of Key Recovery Agents

1.5. Separate Enrollment and Publishing Environments

1.6. Client Authentication with OCSP Publishing

1.7. Different CA and Certificate LDAP Schema Elements for LDAP Publishing

1.8. Generating a CRL from Cache

1.9. Updated CRL Scheduling Mechanism

1.10. New and Updated Default Subsystem ACIs

1.11. Port Forwarding for Simpler User-Facing URLs

1.12. Configurable SSL Session T imeout Periods

1.13. Using a Java Subsystems with the Java Security Manager

1.14. In-Place Upgrade

2. Features Introduced in Errata RHSA-2012:1103

3. Supported Platforms

3.1. Server Support

3.2. Client Support

3.3. Supported Web Browsers

3.4. Supported Smart Cards

3.5. Supported HSM

4. Installing Red Hat Certificate System Subsystems

4.1. Installation Notes

4.2. Install the Required JDK

4.3. Verifying Red Hat Directory Server

4.4. Verifying Apache

4.5. Installing mod_nss

4.6. Installing through yum

4.7. Installing from an ISO

5. Documentation for Certificate System 8.1

6. Errata and Security Releases for Certificate System 8.1

7. Bugs Fixed in Certificate System 8.1

8. Known Issues

9. Copyright and T hird-Party Acknowledgments

9.1. Copyrights for Portions of the Server

9.2. Copyrights for Certificate System Clients

10. Document History

T hese release notes contain important information related to Red Hat Certificate System 8.1 that may

not be currently available in the Product Manuals. New features, system requirements, installation notes,

known problems, resources, and other current issues are addressed here. You should read these

Release Notes in their entirety before deploying Red Hat Certificate System 8.1.

1. New Features for Red Hat Certificate System 8.1

Red Hat Certificate System 8.1 Red Hat Certificate System 8.1

Red Hat Certificate System 8.1 is a major release of Certificate System, and many new, contemporary

features have been added and existing features have been made more robust and flexible.

1.1. Certified Common Criteria Environment

IMPORTANT

Red Hat Certificate System 8.1 is still undergoing Common Criteria evaluation.

T he

Common Criteria for Information Technology Security Evaluation

is an international standard that

helps to define the security aspects and secure implementations of software and hardware. T o receive

certification, software is evaluated for security in a defined and controlled environment with clearly

delineated configuration and environment parameters. T his environment is called the evaluated

configuration.

Red Hat Certificate System 8.1 is Common Criteria certified at Evaluation Assurance Level 4 (EAL4). T he

procedure for setting up a certified environment, including configuration requirements and expectations,

is detailed in the

Deployment and Installation Guide.

NOTE

T he Certificate System target of evaluation includes all of the Red Hat Certificate System

subsystems,

except

for the Registration Authority. T his means that an environment which must

be Common Criteria certified cannot deploy an RA.

1.2. T PS Subsystem Enhancements

Numerous enhancements and new features have been added to the T oken Processing (T PS) System to

improve auditing and management and to simplify the user experience.

An enhanced administrative interface which provides the ability to edit and validate configuration of

the T PS, including profiles, server settings, and logs.

New subsystem self-tests.

An expanded list of auditable events, including new audit events for T PS server configuration

changes.

Improved audit log configuration, including new configuration parameters for the log size, logging

flush interval, and rolling log files.

Automatically shutting down the T PS server when its audit logs have hit the size limit and no rollover

option is given.

1.3. Asynchronous Key Recovery

Previous versions of Red Hat Certificate System supported only synchronous key recovery.

Synchronous key recovery meant that a single browser session (by the initiating agent) had to be kept

open during the entire recovery process. While the initiating agent kept the session open, the other key

recovery agents used a reference number to access that recovery thread.

Certificate System 8.1 introduces another option, an

asynchronous recovery.

Asynchronous recovery

means that each step of the recovery process can be performed individually, without maintaining a

continuous session. T he initial request and each subsequent approval or rejection is stored in the

DRM's internal database, under the key entry. T he data for the recovery process can be retrieved even

if the original browser session is closed or the DRM is shut down. T his also allows agents to search for

the key to recover, without using a reference number.

Plik z chomika:

MegaCoNz2014

Inne pliki z tego folderu:

Red_Hat_Certificate_System-8.1-Migration_Guide-en-US.pdf (1028 KB)
Red_Hat_Certificate_System-8.1-Admin_Guide-en-US.pdf (7506 KB)
Red_Hat_Certificate_System-8.1-Deploy_and_Install_Guide-en-US.pdf (5180 KB)
Red_Hat_Certificate_System-8.1-Agents_Guide-en-US.pdf (3104 KB)
Red_Hat_Certificate_System-8.1-Command-Line_Tools_Guide-en-US.pdf (720 KB)

Red_Hat_Certificate_System-8.1-Release_Notes-en-US.pdf

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: